<?php
if (LZ_MODULE != 'phpdisk') die('Access Denied');
$user = $_SESSION['user'];
$root = $user["root"];
$path = $_POST['path'];

$path=dealpath($path);
if (!$path) exit3("path error:".$_POST['path'].' root:'.$root,0);
$action = $_REQUEST['action'];

include_once(LZ_BASEPATH.'library/svn.php');
$svn = new Svn;
if ($_SESSION['login_user']['status'] != 'admin')
{
	$svn->repo_path = $_SESSION['repo_path'];
	$svn->co_path = $_SESSION['co_path'];
}
else
{
	$svn->repo_path = $_SESSION['repo_path'];
	$svn->co_path = $_SESSION['co_path'];

	$_path = str_replace($config['document_root'],'',$path);

	if (preg_match('/([a-zA-Z0-9]{32})\/([a-zA-Z0-9]{32})/',$_path,$ms))
	{
		$svn->repo_path .= $ms[1].'/'.$ms[2].'/';
		$svn->co_path .= $ms[1].'/'.$ms[2].'/';
	}
	else
	{
		exit3("Denied",0);
	}
}

////////////upload/////////////
if ($action=="upsave" && $user["upfile"])
{
	if (substr($path,-1)!="/") $path.="/";
	$tt=0;
	$error='';
	//$tsize = 0;
	$customer_used_size = get_folder_size($user['root']);
	$customer_total = size_to_byte($config['default_customer_size']);
	
	if (!is_writable($path))
	{
		exit3(CAN_NOT_WRITE,0);
	}
	foreach($_FILES as $file)
	{
		if ($file['tmp_name'])
		{
			$myfile=$file["tmp_name"];
			//$file["name"] = @iconv("UTF-8",$config['host_charset'],$file["name"]);
			$myfile_name=checkfilename($file["name"]);
			$ftype = getext($myfile_name);
			$fsize = filesize($myfile);
			if ($fsize > size_to_byte($config['max_upload_size']))
			{
				exit3(str_replace('{size}',$config['max_upload_size'],FILE_TOO_LARGE),0);
			}
			if ($fsize + $customer_used_size > $customer_total)
			{
				exit3(SPACE_FULL,0);
			}
			
			$svn_update = false;
			if (file_exists($path.name_encode($myfile_name)))
			{
				if ( @unlink($path.name_encode($myfile_name)) )
				{
					//include_once(LZ_BASEPATH.'model/lock.php');
					//$lock = new LZ_Lock;
					//$lock->delete($path);
					$svn_update = true;
				}
				else
				{
					$error.=$myfile_name.UPLOAD_ERROR."\\n";
					continue;
				}
			}
			
			if ($myfile_name!= $file["name"] || !$myfile_name)
			{
				$error.="{$myfile_name} ".UPLOAD_ERROR."\\n";
			}
			
			
			else if (@move_uploaded_file($myfile,$path.name_encode($myfile_name)))
			{
				if (!$svn_update)
					$svn->add($path.name_encode($myfile_name));
				else
					$svn->commit("update|'".$path.name_encode($myfile_name)."'");
				
				$tt++;
				//$tsize += filesize($path.$myfile_name);
			}
			else
			{
				$error.=$myfile_name.UPLOAD_ERROR."\\n";
				continue;
			}
		}
		else {
			exit3(PLEASE_SELECT_FILE."\\n");
		}
	}
	$str= $tt?UPLOAD_SUCCESS:'';
	//$str.="\\n:".TOTAL_SIZE.dealsize($tsize)."\\n";
	$str.=($error)?"\\n".ERROR.":\\n".$error:"";
	exit3($str);
}
else if ($action=="save_and_unlock")
{
	if (!file_exists($path))
	{
		exit3('Not found!',0);
	}
	
	
	$customer_used_size = get_folder_size($user['root']);
	$customer_total = size_to_byte($config['default_customer_size']);
	foreach($_FILES as $file)
	{
		if ($file['tmp_name'])
		{
			$myfile=$file["tmp_name"];
			$myfile_name=checkfilename($file["name"]);
			$ftype = getext($myfile_name);
			$fsize = filesize($myfile);
			if ($fsize > size_to_byte($config['max_upload_size']))
			{
				exit3(str_replace('{size}',$config['max_upload_size'],FILE_TOO_LARGE),0);
			}
			
			if ($fsize + $customer_used_size > $customer_total)
			{
				exit3(SPACE_FULL,0);
			}
			
			if ($myfile_name!= $file["name"] || !$myfile_name)
			{
				$error.="{$myfile_name} ".UPLOAD_ERROR."\\n";
			}
			else
			{
				if (@unlink($path) && @move_uploaded_file($myfile,$path))
				{
					include_once(LZ_BASEPATH.'model/lock.php');
					//$lock = new LZ_Lock;
					//$lock->delete($path);
					$svn->commit("update|$path");
				}
				else
				{
					$error.=$myfile_name.UPLOAD_ERROR."\\n";
					continue;
				}
			}
		}
	}
	$str= UPLOAD_SUCCESS;
	$str.=($error)?"\\n".ERROR.":\\n".$error:"";
	$ss = "<script language=javascript>parent.notice('$str');";
	$ss.= "parent.reloaddata();parent.jQuery('#upload_and_unlock').fadeOut(300);";
	$ss.="</script>";
	exit($ss);
}
else
{
	exit3("Access Denied",0);
}

function exit3($s,$r=1)
{
	$ss = "<script language=javascript>parent.notice('$s');";
	$ss.=($r)?"parent.reloaddata();parent.upload();parent.clearupfile();":"";
	$ss.="</script>";
	exit($ss);
}

function checkfilename($file)
{
	if (!$file) return false;
	$file = trim($file);
	$a = substr($file,-1);
	while ($a =="." || $a =="/" || $a == "\\" || $a == " " || $a == "'" || $a == "+" || $a == "&" || $a == "\"" || $a == ".")
	{
		$file=substr($file,0,-1);
		$a = substr($file,-1);
	}
	$arr = array("../","./","..\\",".\\");
	$file = str_replace($arr,"",$file);
	return $file;
}
?>
